[96958] in North American Network Operators' Group


Re: Advice requested

daemon@ATHENA.MIT.EDU (K K)
Tue May 29 19:19:55 2007

Date: Tue, 29 May 2007 15:44:12 -0500
From: "K K" <kkadow@gmail.com>
To: nanog <nanog@merit.edu>
Cc: pde+nanog@ehlke.net
In-Reply-To: <20070529175219.GA12225@rfc822.net>
Errors-To: owner-nanog@merit.edu


On 5/29/07, Pete Ehlke <pde+nanog@ehlke.net> wrote:
>> On Tue, 2007-05-29 at 08:21 -0700, Matthew Black wrote:
>> What would you do if a major US computer security firm attempted to
>> hack your site's servers and networks?  Would you tell the company or
>> let their experts figure it out?

Personally, I would treat it like any other attack.  You do have
policy and procedures for responding to intrusions and intrusion
attempts?

Convene your CERT, preserve logs, document the time and other costs,
contact law enforcement, your lawyers, and their ISP.


> Personally, I would try to find out who at my site- potentially
> including S-OX, PCI, other auditors, and the Board- contracted for
> them to do it.

Even if this were a contracted penetration test, you can't go wrong by
treating it as if this were an actual hostile attack.

If I were conducting a "pen test" and the target had managed to get an
FBI case started and convinced the ISP to terminate connectivity due to
AUP violations, I would have to give them straight A's for their
response :)

Kevin
